Not able to access placeholder, which is added as secret and the secret is mounted as volume rather than environment variable

Question

My password placeholder in Application.yaml in spring boot project:

password: {DB_PASSWORD}

My secret file:

apiVersion: v1
data:
  DB_PASSWORD: QXBwX3NhXzA1X2pzZHVlbmRfMzIx
kind: Secret
type: Opaque
metadata:
  name: test-secret

My Deployment config file part:

spec:
      containers:
        - envFrom:
            - configMapRef:
                name: gb-svc-rpt-dtld-cc
          image: >-
            artifactory.global.standardchartered.com/colt/gb-svc-reports-dataloader-cc/gb-svc-reports-dataloader-cc-develop@sha256:c8b7e210c18556155d8314eb41965fac57c1c9560078e3f14bf7407dbde564fb
          imagePullPolicy: Always
          name: gb-svc-rpt-dtld-cc
          ports:
            - containerPort: 8819
              protocol: TCP
          volumeMounts:
            - mountPath: /etc/secret
              name: secret-test
      volumes:
        - name: secret-test
          secret:
            defaultMode: 420
            secretName: test-secret

I'm able to see the secrets added in /etc/secret path also. But it is not getting referred in placeholders and getting error while server startup.

Could not resolve placeholder 'DB_PASSWORD' in value "${DB_PASSWORD}"

Note: Same code works if i add the secret as environment variable in deployment config

Answer 1

As I understand from your question you are trying to mount secret to a pod as an environment variable. In kubernetes secrets are able to mount as a volume (which you did in the attached code) and as env variable (as you like to do)

For that you should use:

spec:
    containers:
    - env:
      - name: DB_PASSWORD
        valueFrom:
          secretKeyRef:
            key: DB_PASSWORD
            name: test-secret
      image: "fedora:29"
      name: my_app